Application No.: 10/021,450 
Amendment/Response dated October 10, 2006 
Response to Office action dated July 12, 2006 

Amendment to the Claims: 

This listing of claims will replace all versions, and listings, of claims in the application: 

1. (Currently Amended): A method for servicing a Virtual Local Area Network 
(VLAN) by an access point , comprising: 

storing maintaining a table associating [[a ]]broadcast keys with [[a ]]VLANs at an 
access point local to the access point : 

receiving a request for access to a network from a wireless station by the access point ; 

authenticating the wireless station with an authentication server responsive to the request 
by the access point : 

receiving from the authentication server data identifying a VLAN for the wireless station 
by the access point : 

accessing the table maintained at the access point local to the acc e ss point to determine 
an appropriate broadcast key for the VLAN identified by the authentication server : and 

transmitting the appropriate broadcast key to the wireless station by the access point . 

2. (Cancelled). 

3. (Previously Presented): The method of claim 1 further comprising the step of using 
a separate broadcast key associated with each VLAN to encrypt the data. 

4. (Cancelled). 

5. (Previously Presented): The method of claim 1 wherein the wireless station 
operates in accordance with the IEEE 802.11 standard. 

Claims 6 -7. (Cancelled) 

8. (Previously Presented): The method of claim 1 wherein the VLAN comprises a 
mobile IP subnet. 
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9. (Previously Presented): The method of claim 8 further comprising a step of tagging 
data to determine to which VLAN the data belongs. 

10. (Currently Amended): An access point, comprising: 

means for maintaining a table associating broadcast keys with Virtual Local Area 
Networks (VLANs) at the access point: 

means for receiving a request for access to a network from a wireless station; 

means for authenticating the wireless station with an authentication server: 

means for receiving from the authentication server data identifying a Virtual Local Area 
Network (VLAN) for the wireless station; 

means for accessing a table stored locally means for maintaining at the access point to 
determine an appropriate broadcast key for the VLAN identifier identified for the wireless 
station by the authentication server ; and 

means for transmitting the appropriate broadcast key to the wireless station. 

11. (Cancelled) 

12. (Previously Presented): The access point of claim 10 wherein a separate broadcast 
key is associated with each VLAN to encrypt data. 

13. (Cancelled) 

14. (Previously Presented): The access point of claim 10 wherein the wireless station 
operates in accordance with the IEEE 802.11 standard. 

15. (Cancelled) 

16. (Currently Amended): The access point of claim 10 further comprising a tag for 
data to determine [[ ]]which VLAN the data belongs. 
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17. (Previously Presented): The access point of claim 10 wherein the VLAN comprises 
a mobile IP subnet. 

18. (Cancelled) 

19. (Previously Presented): A method according to claim 1, further comprising: 
receiving a session key from the authentication server; 

sending the session key to the wireless station; and 

encrypting the appropriate broadcast key with the session key for the wireless station. 

20. (Previously Presented): An access point according to claim 10, further 
comprising: 

means for receiving a session key from the authentication server; 
means for sending the session key to the wireless station; and 

means for encrypting the appropriate broadcast key with the session key for the wireless 

station. 

Claims 21 - 22 (Canceled): 

23. (New): A system comprising: 

a first access point, the first access point configured with a first table for associating a 
first set of encryption keys with Virtual Local Area Networks (VLANs); 

a second access point, the second access point configured with a second table for 
associating a second set of encryption keys with VLANs; 

an authentication server communicatively coupled to the first access point and the second 
access point; 

wherein the first access point responsive to an association request from a wireless station 
authenticates the wireless station with the authentication server, the first access point receiving 
data from the authentication server identifying a VLAN associated with the wireless station, the 
first access point being responsive to receiving the data identifying the VLAN associated with 
the wireless station to access the first table and determine a first appropriate encryption key from 
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the first set of encryption keys for the VLAN associated with the wireless station and the first 
access point is configured to communicate the first appropriate encryption key to the wireless 
station; and 

wherein the second access point responsive to an association request from the wireless 
station authenticates the wireless station with the authentication server, the second access point 
receiving data from the authentication server identifying the VLAN associated with the wireless 
station, the second access point being responsive to receiving the data identifying the VLAN 
associated with the wireless station to access the second table and determine a second 
appropriate encryption key from the second set of encryption keys for the VLAN associated with 
the wireless station and the second access point is configured to communicate the second 
appropriate encryption key to the wireless station. 

24. (New): A system according to claim 23, wherein the first access point is configured 
to dynamically assign an encryption key as the first appropriate key for the VLAN associated 
with the wireless station responsive to no encryption key in the first set of encryption keys being 
associated with the VLAN associated with the wireless station. 

25. (New): A system according to claim 23, wherein the first access point receives a 
session key for the wireless station from the authentication server, the first access point is 
responsive to encrypt the first appropriate key with the session key prior to communicating the 
first appropriate key with the wireless station. 

26. (New): A system according to claim 23, the first access point is responsive to 
receiving one of a group consisting of a broadcast packet and a multicast packet for the VLAN 
associated with the wireless station to transmit the one of the group consisting of the broadcast 
packet and the multicast packet encrypted with the first appropriate key. 
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